WatchGuard Firebox System 4.6 User Guide
WatchGuard Firebox System 4.6 User Guide WatchGuard Firebox System 4.6 User Guide
Configuring a service for incoming static NAT68
CHAPTER 11Setting Up Logging andNotificationLogging and notification are crucial to an effective network security policy. Together,they make it possible to monitor your network security, identify both attacks andattackers, and take action to address security threats and challenges.Logging occurs when the firewall records the occurrence of an event to a log file.Notification occurs when the firewall sends e-mail, pops up a window on the EventProcessor, or dials a pager to notify an administrator that WatchGuard detected atriggering event.WatchGuard logging and notification features are both flexible and powerful. Youcan configure your firewall to log and notify on a wide variety of events, includingspecific events at the level of individual services.Ensure logging with failover loggingWatchGuard relies on failover logging to minimize the possibility of missing logevents. With failover logging, you configure a list of Event Processors to accept logsin the event of a failure of the primary Event Processor. By default, the Firebox sendslog messages to the primary Event Processor. If for any reason the Firebox cannotestablish communication with the primary Event Processor, it automatically sendsUser Guide 69
- Page 27 and 28: CHAPTER 3WatchGuard OptionsThe Watc
- Page 29 and 30: PART IIIConfiguring a SecurityPolic
- Page 31 and 32: CHAPTER 4Firebox BasicsThis chapter
- Page 33 and 34: Opening a configuration fileOpening
- Page 35 and 36: Setting the time zone• Use a comb
- Page 37 and 38: CHAPTER 5Using the WatchGuardContro
- Page 39 and 40: Control Center componentsThe first
- Page 41 and 42: Policy ManagerManipulating the Traf
- Page 43 and 44: Historical ReportsHistorical Report
- Page 45 and 46: CHAPTER 6Configuring a NetworkConfi
- Page 47 and 48: Setting up a routed network• All
- Page 49 and 50: Defining a host routeDefining a hos
- Page 51 and 52: Defining a Firebox as a DHCP server
- Page 53 and 54: CHAPTER 7Blocking Sites and PortsMa
- Page 55 and 56: Blocking a port permanently3 In the
- Page 57 and 58: CHAPTER 8Configuring ServicesThe Se
- Page 59 and 60: Defining service properties8 In the
- Page 61 and 62: Modifying a serviceThe following ex
- Page 63 and 64: Setting up proxy servicesSelecting
- Page 65 and 66: Setting up proxy servicesand transm
- Page 67 and 68: Service precedencecheck. In the lat
- Page 69 and 70: CHAPTER 9Controlling Web TrafficWeb
- Page 71 and 72: Configuring the WebBlocker serviceP
- Page 73 and 74: CHAPTER 10Setting Up NetworkAddress
- Page 75 and 76: Using service-based NATUsing servic
- Page 77: Configuring a service for incoming
- Page 81 and 82: Designating Event Processors for a
- Page 83 and 84: Setting up the LiveSecurity Event P
- Page 85 and 86: Setting global logging and notifica
- Page 87 and 88: Customizing logging and notificatio
- Page 89 and 90: CHAPTER 12Connect with Out-of-Band
- Page 91 and 92: Configuring the Firebox for OOB5 En
- Page 93: PART IVAdministering a SecurityPoli
- Page 96 and 97: Using host aliasesAdding a host ali
- Page 98 and 99: Configuring Firebox authenticationC
- Page 100 and 101: Configuring CRYPTOCard server authe
- Page 102 and 103: Using authentication to define remo
- Page 104 and 105: Firebox MonitorsSetting Firebox Mon
- Page 106 and 107: Firebox MonitorsLogging optionsLogg
- Page 108 and 109: HostWatchARP tableA snapshot of the
- Page 110 and 111: HostWatch6 To change playback prope
- Page 112 and 113: HostWatch102
- Page 114 and 115: Viewing files with LogViewer2 Confi
- Page 116 and 117: Working with log filesIP header len
- Page 118 and 119: Working with log files108
- Page 120 and 121: Specifying report sectionsCreating
- Page 122 and 123: Exporting reports6 Enter the number
- Page 124 and 125: Scheduling and running reportsDelet
- Page 126 and 127: Report sections and consolidated se
CHAPTER 11Setting Up Logging andNotificationLogging and notification are crucial to an effective network security policy. Together,they make it possible to monitor your network security, identify both attacks andattackers, and take action to address security threats and challenges.Logging occurs when the firewall records the occurrence of an event to a log file.Notification occurs when the firewall sends e-mail, pops up a window on the EventProcessor, or dials a pager to notify an administrator that <strong>WatchGuard</strong> detected atriggering event.<strong>WatchGuard</strong> logging and notification features are both flexible and powerful. Youcan configure your firewall to log and notify on a wide variety of events, includingspecific events at the level of individual services.Ensure logging with failover logging<strong>WatchGuard</strong> relies on failover logging to minimize the possibility of missing logevents. With failover logging, you configure a list of Event Processors to accept logsin the event of a failure of the primary Event Processor. By default, the <strong>Firebox</strong> sendslog messages to the primary Event Processor. If for any reason the <strong>Firebox</strong> cannotestablish communication with the primary Event Processor, it automatically sends<strong>User</strong> <strong>Guide</strong> 69